Accelerating Cyber Defenses with Intelligence Automation

The Challenge

Organizations large and small are struggling with manually processing and responding to threats and alerts to keep up with today's dynamic threat landscape.

Threat information is delivered to organizations in varying ways - email, PDF, APIs, JSON, STIX/TAXII, etc. End users then process the data, in many cases manually, to determine its relevance to the organization. Relevance and timeliness help an organization decide whether it needs to address the threat and take action.

This action phase results in new rules in the firewall, Snort rules in the IDS, updates to the proxy server, and new rules in the SIEM. This work is performed throughout the day, evening, and weekend - whenever the latest information is delivered.

Manually processing the data, understanding the reports, and creating the rules for the existing security devices is a time-consuming effort. In large organizations there are often dedicated teams who operate the various security tools; in smaller organizations, however, it is often just a few people who have that responsibility. It is no wonder the largest complaint about threat intelligence is the inability to keep up and take action on the data.

Challenges with this approach:

Operator Intensive

Inefficient Process

Complex Log Queries

Enforcement Limits

Overwhelming Datasets

Multiple Standards

The challenge of managing threat intelligence across the enterprise

End User Concerns

"It takes us 45 minutes on average to take an email alert to a protective action."

Internet Service Provider

"I don't have time to read a 200 page pdf report to understand the latest threats and figure out how to defend against it."

Online Retailer

"I get emails at 4am and have to roll out of bed to get the IP addresses into my firewall."

Regional Bank

"Actionability is the most significant problem for organizations today looking to leverage threat intelligence. It is crucial in delivering return on investment based on your specific requirements."

Threat Intelligence Use Case

In order to keep up with the volume of intelligence, we must be able to do so dynamically, machine-to-machine. Machine Readable Threat Intelligence (MRTI) is available in multiple formats and update intervals. Because MRTI can be consumed and applied at machine speed, it keeps pace with the data, allowing analysts to focus on other tasks and improve their efficiency.

It is also not enough to simply detect advanced threats in your network. By then, it may be too late. QuickTHREAT turns cyber threat intelligence into protective action on the network. For the majority of the hacking events reported in the news, cyber threat intelligence related to the threat existed in advance. By leveraging this intelligence, organizations are able to block the activity in the moment rather than react after the fact.

Deploying a RuleGATE at the network edge enables a full end-to-end security platform for Acquiring, Aggregating, and Acting on network threats in real time.
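To make the acquire, aggregate, act pipeline described above concrete, here is an added illustration (not QuickTHREAT or RuleGATE code, and not from the original page) of the machine-to-machine step: indicators are read from two constructed feeds, one STIX 2.1 bundle and one vendor-specific JSON list, validated and de-duplicated, then rendered as Snort and iptables block rules. The feed contents, addresses (RFC 5737 documentation ranges) and SID range are all made up for the example.

```python
import ipaddress
import json
import re

# Constructed STIX 2.1 bundle (not a real feed); addresses are RFC 5737 ranges.
STIX_FEED = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.5']"},
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.0/24']"},
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'example.invalid']"},  # not handled here
    ],
})
# Constructed plain-JSON feed from a second source; overlaps with the first.
JSON_FEED = json.dumps({"ips": ["203.0.113.5", "192.0.2.10", "not-an-ip"]})

_STIX_IPV4 = re.compile(r"\[ipv4-addr:value\s*=\s*'([^']+)'\]")

def indicators_from_stix(text):
    """Acquire: yield IPv4 values from simple ipv4-addr indicator patterns."""
    for obj in json.loads(text).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = _STIX_IPV4.fullmatch(obj.get("pattern", "").strip())
        if m:
            yield m.group(1)

def indicators_from_json(text):
    """Acquire: read the vendor-specific JSON list as-is."""
    return json.loads(text).get("ips", [])

def aggregate(*sources):
    """Aggregate: validate and de-duplicate; returns sorted ip_network objects."""
    nets = set()
    for src in sources:
        for raw in src:
            try:
                nets.add(ipaddress.ip_network(raw, strict=False))
            except ValueError:
                continue  # malformed entry: skip rather than emit a broken rule
    return sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))

def snort_rules(nets, base_sid=9000000):
    """Act: one Snort drop rule per indicator (SID range is a placeholder)."""
    return [f'drop ip {n.with_prefixlen} any -> $HOME_NET any '
            f'(msg:"MRTI block {n.with_prefixlen}"; sid:{base_sid + i}; rev:1;)'
            for i, n in enumerate(nets)]

def iptables_rules(nets):
    """Act: equivalent firewall rules for the same indicator set."""
    return [f"iptables -A INPUT -s {n.with_prefixlen} -j DROP" for n in nets]
```

Feeding the two constructed sources through `aggregate` yields three networks (the duplicate and the malformed entry are dropped), and each rendering function produces one rule per network.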